TY - GEN
T1 - Regularity of lossy RSA on subdomains and its applications
AU - Lewko, Mark
AU - O'Neill, Adam
AU - Smith, Adam
PY - 2013
Y1 - 2013
N2 - We build on an approach of Kiltz et al. (CRYPTO '10) and bring new techniques to bear on the study of how "lossiness" of the RSA trapdoor permutation under the φ-Hiding Assumption (φA) can be used to understand the security of classical RSA-based cryptographic systems. In particular, we show that, under φA, several questions or conjectures about the security of such systems can be reduced to bounds on the regularity (the distribution of the primitive e-th roots of unity mod N) of the "lossy" RSA map (where e divides φ(N)). Specifically, this is the case for: (i) showing that large consecutive runs of the RSA input bits are simultaneously hardcore, (ii) showing the widely-deployed PKCS #1 v1.5 encryption is semantically secure, (iii) improving the security bounds of Kiltz et al. for RSA-OAEP. We prove several results on the regularity of the lossy RSA map using both classical techniques and recent estimates on Gauss sums over finite subgroups, thereby obtaining new results in the above applications. Our results deepen the connection between "combinatorial" properties of exponentiation in ℤN and the security of RSA-based constructions.
AB - We build on an approach of Kiltz et al. (CRYPTO '10) and bring new techniques to bear on the study of how "lossiness" of the RSA trapdoor permutation under the φ-Hiding Assumption (φA) can be used to understand the security of classical RSA-based cryptographic systems. In particular, we show that, under φA, several questions or conjectures about the security of such systems can be reduced to bounds on the regularity (the distribution of the primitive e-th roots of unity mod N) of the "lossy" RSA map (where e divides φ(N)). Specifically, this is the case for: (i) showing that large consecutive runs of the RSA input bits are simultaneously hardcore, (ii) showing the widely-deployed PKCS #1 v1.5 encryption is semantically secure, (iii) improving the security bounds of Kiltz et al. for RSA-OAEP. We prove several results on the regularity of the lossy RSA map using both classical techniques and recent estimates on Gauss sums over finite subgroups, thereby obtaining new results in the above applications. Our results deepen the connection between "combinatorial" properties of exponentiation in ℤN and the security of RSA-based constructions.
UR - http://www.scopus.com/inward/record.url?scp=84883330159&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84883330159&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-38348-9_4
DO - 10.1007/978-3-642-38348-9_4
M3 - Conference contribution
AN - SCOPUS:84883330159
SN - 9783642383472
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 55
EP - 75
BT - Advances in Cryptology, EUROCRYPT 2013 - 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Proceedings
T2 - 32nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, EUROCRYPT 2013
Y2 - 26 May 2013 through 30 May 2013
ER -